Bug #63835 two cookie in request, get comma in first cookie name
Submitted: 2012-12-22 17:21 UTC
Modified: 2012-12-25 03:01 UTC
From: tom916 at qq dot com
Assigned: laruence
Status: Wont fix
Package: *General Issues
PHP Version: 5.3Git-2012-12-22 (Git)
OS: linux
Private report: No
CVE-ID: None
 [2012-12-22 17:21 UTC] tom916 at qq dot com
Description:
------------
When the browser client sends 2 Cookie: in the header, the first cookie name PHP gets has a comma as the first char. God knows why the browser sends 2 Cookie in the header?


Array
(
    [,_a] => 1
)

Test script:
---------------
------------------show_cookie.php--------------
<?php
print_r($_COOKIE);

------------------send_cookie.php--------------
<?php
$fp = fsockopen("localhost", 50080, $errno, $errstr, 30); //my apache listen on 50080
if (!$fp) {
    echo "$errstr ($errno)<br />\n";
} else {
    $out = "GET /show_cookie.php HTTP/1.1\r\n";
    $out .= "Host: localhost:50080\r\n";
    $out .= "Cookie:\r\n";
    $out .= "Cookie: a=1\r\n";
    $out .= "Connection: Close\r\n\r\n";
    fwrite($fp, $out);
    while (!feof($fp)) {
        echo fgets($fp, 128);
    }
    fclose($fp);
}


php send_cookie.php

---------result-----------
HTTP/1.1 200 OK
Date: Sat, 22 Dec 2012 17:11:59 GMT
Server: Apache/2.2.17 (Unix) PHP/5.3.3
X-Powered-By: PHP/5.3.3
Content-Length: 25
Connection: close
Content-Type: text/html

Array
(
    [,_a] => 1
)


Expected result:
----------------
Array
(
    [a] => 1
)

Actual result:
--------------
Array
(
    [,_a] => 1
)

Patches

bug63835.patch (last revision 2012-12-23 06:04 UTC by laruence@php.net)

Pull Requests

History

 [2012-12-23 05:46 UTC] laruence@php.net
I don't think it's a PHP-specific bug; PHP reads the cookie via Apache's apr_table_get.

apr_table_get returns ", a=1" in your case.
 [2012-12-23 05:48 UTC] laruence@php.net
Oh, ignore my previous comment; Apache returns a comma-separated string if there are multiple Cookie headers.
 [2012-12-23 06:04 UTC] laruence@php.net
The following patch has been added/updated:

Patch Name: bug63835.patch
Revision:   1356242654
URL:        https://bugs.php.net/patch-display.php?bug=63835&patch=bug63835.patch&revision=1356242654
 [2012-12-23 08:05 UTC] tom916 at qq dot com
Thank you very much for helping me solve the problem in such a short time. Do you know why the browser will send the cookie header? Our website receives nearly 10,000 such requests every day.
 [2012-12-23 08:05 UTC] tom916 at qq dot com
-Status: Open +Status: Closed
 [2012-12-23 08:52 UTC] tom916 at qq dot com
-Status: Closed +Status: Assigned
 [2012-12-23 08:52 UTC] tom916 at qq dot com
Now if the cookie name has a comma, it becomes 2 cookie names.

<?php
$fp = fsockopen("localhost", 50080, $errno, $errstr, 30);
if (!$fp) {
    echo "$errstr ($errno)<br />\n";
} else {
    $out = "GET /show_cookie.php HTTP/1.1\r\n";
    $out .= "Host: localhost:50080\r\n";
//    $out .= "Cookie:\r\n";
    $out .= "Cookie: a=1; b=2; c,d=abc\r\n";
    $out .= "Connection: Close\r\n\r\n";
    fwrite($fp, $out);
    while (!feof($fp)) {
        echo fgets($fp, 128);
    }
    fclose($fp);
}



----------------------------
Array
(
    [a] => 1
    [b] => 2
    [c] => 
    [d] => abc
)
 [2012-12-23 17:57 UTC] felipe@php.net
-Assigned To: +Assigned To: laruence
 [2012-12-24 03:33 UTC] laruence@php.net
I have no idea why some browsers will do this, but I cannot find proof that this isn't allowed.

Anyway, this fix will introduce a BC break, like, before,

cookie: userids=123,1232,123213;

I saw such usage before, so... I didn't commit this. I will try to find some fix in the Apache APIs.
 [2012-12-24 03:59 UTC] pierrick@php.net
RFC2616 says : Multiple message-header fields with the same field-name MAY be 
present in a message if and only if the entire field-value for that header field 
is defined as a comma-separated list [i.e., #(values)]. It MUST be possible to 
combine the multiple header fields into one "field-name: field-value" pair, 
without changing the semantics of the message, by appending each subsequent 
field-value to the first, each separated by a comma. The order in which header 
fields with the same field-name are received is therefore significant to the 
interpretation of the combined field value, and thus a proxy MUST NOT change the 
order of these field values when a message is forwarded.
 [2012-12-24 04:02 UTC] laruence@php.net
@pierrick, thanks,  I also found a page:  
http://kristol.org/cookie/errata.html   ;)
 [2012-12-24 04:39 UTC] pierrick@php.net
RFC6265 is the last specification for HTTP State Management Mechanism.

Section 4.2.1 says that the grammar for the Cookie header is 

   cookie-header = "Cookie:" OWS cookie-string OWS
   cookie-string = cookie-pair *( ";" SP cookie-pair )

Since RFC2626 (HTTP) only allows multiple message-header fields with the same field-name if and only if the entire field-value for that header field is defined as a comma-separated list, I guess having multiple Cookie: headers is not a valid case.
 [2012-12-24 05:15 UTC] laruence@php.net
@pierrick, thanks for the explanation, and after some searching, I also concluded that we cannot fix this without any side effect (BC break),

so, I think maybe won't fix.

Thanks
 [2012-12-25 03:01 UTC] laruence@php.net
-Status: Assigned +Status: Wont fix
 [2012-12-25 03:01 UTC] laruence@php.net
As we discussed before, closed.

Maybe you can file a bug with Apache; it should not accept two cookies since they cannot be combined.
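
The behaviours discussed in this report, as an added example that is not part of the original bug report or of PHP's source: a simplified PHP model that joins repeated Cookie headers with ", ", checks the result against the RFC 6265 grammar quoted above, and compares splitting on ";" alone with splitting on ";" and ",". The function names and the parsing model are assumptions made for illustration.

```php
<?php
// Added example: a simplified model of the behaviour discussed in this
// report, not PHP's or Apache's actual implementation.

// RFC 6265 section 4.2.1 grammar: token names, cookie-octet values.
const TOKEN  = '[!#$%&\'*+.^_`|~0-9A-Za-z-]+';
const OCTETS = '[\x21\x23-\x2B\x2D-\x3A\x3C-\x5B\x5D-\x7E]*';

// Repeated Cookie fields reach PHP as one comma-joined string.
function merge_cookie_headers(array $values): string {
    return implode(', ', $values);
}

// True only if the value matches cookie-pair *( ";" SP cookie-pair ).
function is_rfc6265_cookie_string(string $s): bool {
    $pair = TOKEN . '=(?:' . OCTETS . '|"' . OCTETS . '")';
    return preg_match('/^' . $pair . '(?:; ' . $pair . ')*$/D', $s) === 1;
}

// Split on any of $separators, strip leading whitespace, map ' ' and
// '.' in names to '_', keep the first occurrence of a name.
function parse_cookies(string $header, string $separators): array {
    $cookies = [];
    for ($tok = strtok($header, $separators); $tok !== false; $tok = strtok($separators)) {
        $pair = ltrim($tok);
        if ($pair === '') {
            continue;
        }
        [$name, $value] = array_pad(explode('=', $pair, 2), 2, '');
        $name = strtr($name, ' .', '__');
        if (!array_key_exists($name, $cookies)) {
            $cookies[$name] = urldecode($value);
        }
    }
    return $cookies;
}

$samples = [
    merge_cookie_headers(['', 'a=1']),  // the two headers from the test script
    'a=1; b=2; c,d=abc',                // the second script in the report
    'userids=123,1232,123213',          // the legacy usage cited in the thread
];
foreach ($samples as $h) {
    printf("%-26s rfc6265=%-5s ';'=%s  ';,'=%s\n", json_encode($h),
        var_export(is_rfc6265_cookie_string($h), true),
        json_encode(parse_cookies($h, ';')), json_encode(parse_cookies($h, ';,')));
}
```

All three sample values fail the strict RFC 6265 check, so both rejecting them and splitting on the comma change what existing applications receive.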
 
Last updated: Sun Jul 06 09:01:32 2025 UTC